3. What do we call Coding Rule Violations?
2014.08.01. FrontEndART.com 3
• Source code patterns which indicate potential faults
• These patterns come from actual bugs and include
• Common programming mistakes
• Bad programming habits
• Performance issues
• The patterns are gathered by developer communities
• Documented Eclipse bug fixes
• Chapters of the Effective Java book
• Blog posts on the http://thedailywtf.com website
4. Bugs? Come on!
• Developers are smart.
• Smart people don’t make dumb mistakes.
• WRONG!
• Smart people do make dumb mistakes.
• Common issues:
• Wrong boolean operator, missing parenthesis, etc.
• Misunderstood class or method invariants
5. Can You Find The Bug?
JDK 1.6.0, b105, sun.awt.x11.XMSelection
if (listeners == null)
    listeners.remove(listener);
6. Some Frequent Anti-Pattern Categories
• Control Flow
• Conventions
• Performance
• Open Stream
• Suspicious Equals Method
• Use Arrays As List
• Avoid Catching NPE
• Naming Conventions
• Unused Constructor
• StringBuffer Instead Of Concat
• Npath Complexity
• Unused Imports
• Empty Catch Block
• Cloneable Implementation
• Too Many Fields
9. Popular Solutions
• CheckStyle
  Coding standard checker
  Highly configurable
  × Small number of implemented rules
  × Rules are mostly for style conventions, not for fault prevention
• FindBugs
  Looks for bugs in Java code
  Finds NPEs, typos, inconsistencies
  × A lot of irrelevant warnings
  × Does not show the roots of the problems
• PMD
  Open-source code violation checker
  Many rules
  × A lot of irrelevant warnings
  × Several significant warnings are not found
10. Pros and Cons
Relevant warning
• Issues are found during development
• Trains developers (lots of skills can be learned from following coding rules!)
• Reduces project costs
• Increases efficiency
Irrelevant warning
• Creates work overhead
• Developers will start ignoring coding issue warnings
• Causes stress
• Convinces developers that the code lacks actual coding issues even when there are a lot.
11. Can You Find The Bug?
// com.sun.xml.internal.txw2.output.XMLWriter
try { … }
catch (IOException e) {
    new SAXException("Server side Exception:" + e);
}
// com.sun.xml.internal.txw2.output.XMLWriter
try { … }
catch (IOException e) {
    throw new SAXException("Server side Exception:" + e);
}
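Both "Can You Find The Bug?" slides show faults that a pattern rule can flag mechanically. The sketch below is an added example, not code from the slides or from FaultHunter, PMD or FindBugs: a minimal text-pattern checker run over the two snippets. The rule names, the sample strings and the `!= null` correction of the XMSelection snippet are assumptions, and real analysers match on the syntax tree rather than on regular expressions.

```python
import re

# Constructed inputs: the two slide snippets and their corrected forms.
SAMPLES = {
    "XMSelection (slide)": "if (listeners == null)\n    listeners.remove(listener);",
    "XMSelection (fixed)": "if (listeners != null)\n    listeners.remove(listener);",
    "XMLWriter (slide)": 'catch (IOException e) {\n'
                         '    new SAXException("Server side Exception:" + e);\n}',
    "XMLWriter (fixed)": 'catch (IOException e) {\n'
                         '    throw new SAXException("Server side Exception:" + e);\n}',
}

# Rule 1: `if (x == null)` whose guarded statement starts by dereferencing x.
# Group 2 marks the dereference so the finding points at the faulty line.
NULL_DEREF = re.compile(r"if\s*\(\s*(\w+)\s*==\s*null\s*\)\s*\{?\s*(\1)\s*\.")

# Rule 2: a statement that begins with `new ...Exception(`: the object is
# built and dropped because no throw, return or assignment precedes it.
DISCARDED_EXC = re.compile(
    r"(?:^|[;{}])\s*(new)\s+\w*(?:Exception|Error)\s*\(", re.MULTILINE)

# Rule names are hypothetical, not PMD or FaultHunter rule identifiers.
RULES = [
    ("NullGuardDereference", NULL_DEREF, 2),
    ("ExceptionCreatedNotThrown", DISCARDED_EXC, 1),
]

def check(source):
    """Return sorted (line, rule) findings for one Java snippet."""
    findings = []
    for name, pattern, group in RULES:
        for match in pattern.finditer(source):
            line = source.count("\n", 0, match.start(group)) + 1
            findings.append((line, name))
    return sorted(findings)

if __name__ == "__main__":
    for label, code in SAMPLES.items():
        print(f"{label}: {check(code) or 'clean'}")
```

A line-start match also fires on an assignment whose right-hand side wraps onto its own line, which is one source of the irrelevant warnings the slides attribute to pattern-based tools.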
12. False Positive and True Negative hits
[Figure: diagram with regions labelled Found Faults, Faults, Not Faults, True Negative, False Positive]
Solution?
13. False Positive and True Negative hits
[Figure: diagram with regions labelled Found Faults, Faults, Not Faults, True Negative, False Positive]
We need a bigger boat!
16. FaultHunter
• Advanced static analysis engine
• Re-implements inaccurate PMD rule violations
• 62 implemented PMD rule definitions
• Defines new rules
• 8 new rule definitions
• Precise and efficient
• A module of SourceMeter
• Supports Ant and Maven integration
• Is part of the SourceMeter for SonarQube plugin
22. Precise and Efficient
Uses 50% more memory than PMD on the same source set
Runs 50% longer than PMD on the same source set
BUT!
• Finds 99.97% more faults than PMD
• Skips 14.92% of false positive warnings
23. Examples
• org.eclipse.ui.forms/src/org/eclipse/ui/forms/DetailsPart.java
EIF – Empty If Statement
PMD misses it, FaultHunter doesn’t.
True Negative
What was the programmer’s intention? Did they simply forget to code the instructions?
Potential threat!
24. Examples
• org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/internal/WorkbenchWindow.java
BGMN – Boolean Get Method Name
PMD misses it, FaultHunter doesn’t.
True Negative
• org.eclipse.ui.ide/src/org/eclipse/ui/internal/ide/misc/ProjectCapabilitySelectionGroup.java
Issue: JavaEE and SpringFramework search for getters like isShellActivated() or isModified(). Error!
26. Examples
• org.eclipse.core.resources/src/org/eclipse/core/internal/events/NotificationManager.java
MBIS – Missing Break In Switch
PMD misses it, FaultHunter doesn’t.
True Negative
Why is the break statement missing? It was intentional, as the comment indicates.
27. Examples
• Log4j\src\main\java\org\apache\log4j\NDC.java
Is it really necessary to use the thread-safe Vector class? If this is not the case, we can use the ArrayList class, which offers a much faster implementation with the same functionality. (Collections.synchronizedList(…) can be used in a multi-threaded environment too!)
Comment indicates that developers see the problem as well.
UALIOV – Use Array List Instead Of Vector
PMD misses it, FaultHunter doesn’t.
True Negative